I have a website that uses mercadopago payments (similar to PayPal, from South America).

When the user finishes payment and is redirected back to my site, I get a new session id and I am not able to read the old one, and I am also not able to read previously set cookies.

My problem is that I need the cookie or session value to keep the user logged in; if not, I need to ask for the user and password again, and the client does not like that.

This is the code that I am using to set the cookies, with comments explaining my problem:

    <?php

    session_start();
    include("db-connection.php"); // provides the mysqli connection in $link
    if (isset($_SESSION["id_alumno"])) {
        $sid = session_id();
        if (isset($_COOKIE["user_token"])) {
            // just for debugging
            // echo "user_token is a  " . $_COOKIE["user_token"];
        } else {
            // set cookie and update same value in database
            setcookie("user_token", $sid, time() + 2*24*60*60);
            $id_alumno = $_SESSION["id_alumno"];
            // bound parameters keep the session and cookie values out of the SQL text
            $stmt = mysqli_prepare($link, "UPDATE `alumno` SET `login_token` = ?, `login_creado` = NOW() WHERE `alumno`.`id` = ?");
            mysqli_stmt_bind_param($stmt, "ss", $sid, $id_alumno);
            mysqli_stmt_execute($stmt); // these connection values are set in db-connection.php, already included
        }
    } else {
        $cookie_value = $_COOKIE["user_token"] ?? null; // here is my problem: I can't access this value. Checking cookie information using Chrome and the Web Developer plugin, I get 2 PHPSESSID (the old one, which was used to set the cookie with user_token, and also the user token value, and also this new PHPSESSID)
        if (isset($cookie_value)) {
            $stmt = mysqli_prepare($link, "SELECT * FROM alumno WHERE login_token = ? AND login_token != 'no'");
            mysqli_stmt_bind_param($stmt, "s", $cookie_value);
            mysqli_stmt_execute($stmt);
            $res = mysqli_stmt_get_result($stmt);
            if ($reg = mysqli_fetch_array($res)) {
                // here I can login back the user
            } // mysql query
        } // if isset cookie value
    }
    ?>
Jason Aller

1 Answer

You're using session_start() with its default options. As soon as you leave your site the session cookie expires.

Try example #3 from the manual:

<?php
// This sends a persistent cookie that lasts a day.
session_start([
    'cookie_lifetime' => 86400,
]);
?>

This sends a persistent cookie that lasts a day.

See also: How do I create persistent sessions in PHP?

KIKO Software
  • @SebastianOcaño I'm not quite sure what you're saying, but the logic in your code is also a bit off. You never set the `$_SESSION["id_alumno"]` value, therefore you can never set the `user_token` cookie. I don't know what your intentions with these things are, so I cannot correct it. – KIKO Software Nov 15 '21 at 20:17
  • Thanks, I have tried and I found the problem: the redirection link created on the payment site was wrong. I was using the website with www. on redirection and the payment process before was not using www, so I changed that and it works well now. Thanks a lot for your answer. – Sebastian Ocaño Nov 15 '21 at 20:32
  • About $_SESSION["id_alumno"], it's set after successful user login, in a different page; here it just checks if that exists or not. – Sebastian Ocaño Nov 15 '21 at 20:34
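
The cause found in the comments above (cookies set on the host without www, payment return URL on the www host), shown as an added example that is not code from the thread. The domain example.com, the constant CANONICAL_HOST and both function names are assumptions; the matching function is a simplified model of how a browser decides whether to send a cookie.

```php
<?php
// Added example, not code from the thread. example.com, CANONICAL_HOST and
// both function names are assumptions for illustration.
const CANONICAL_HOST = 'www.example.com';

// Simplified RFC 6265 domain matching (ignores Path and Secure): is a cookie set
// on $setOnHost with Domain attribute $domainAttr ('' = none) sent to $requestHost?
function cookie_is_sent(string $setOnHost, string $domainAttr, string $requestHost): bool
{
    $requestHost = strtolower($requestHost);
    if ($domainAttr === '') {
        return $requestHost === strtolower($setOnHost); // host-only cookie
    }
    $domain = strtolower(ltrim($domainAttr, '.'));
    return $requestHost === $domain
        || substr($requestHost, -strlen($domain) - 1) === '.' . $domain;
}

// URL to redirect to when a request arrives on a non-canonical host, else null.
function canonical_redirect(string $hostHeader, string $requestUri): ?string
{
    $host = strtolower(explode(':', $hostHeader)[0]); // drop any port
    return $host === CANONICAL_HOST ? null : 'https://' . CANONICAL_HOST . $requestUri;
}

if (PHP_SAPI !== 'cli') {
    // Web request: force one host, then start the session with explicit flags.
    $target = canonical_redirect($_SERVER['HTTP_HOST'] ?? '', $_SERVER['REQUEST_URI'] ?? '/');
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;
    }
    // SameSite=Lax cookies are still sent on the top-level GET navigation back
    // from the payment site; Strict would withhold them.
    session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'secure' => true,
                               'httponly' => true, 'samesite' => 'Lax']);
    session_start();
} else {
    // Constructed cases: where the cookie was set vs. where the payment site returns.
    $cases = [
        ['example.com',     '',            'www.example.com'],
        ['example.com',     'example.com', 'www.example.com'],
        ['www.example.com', '',            'www.example.com'],
    ];
    foreach ($cases as [$set, $domain, $req]) {
        printf("set on %s, Domain=%s, request to %s: %s\n", $set, $domain ?: '(none)',
               $req, cookie_is_sent($set, $domain, $req) ? 'sent' : 'not sent');
    }
}
```

Setting a Domain attribute also makes the cookie reach both hosts, but it exposes the cookie to every subdomain, so serving the site and the payment return URL from one canonical host is the narrower fix.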